time: Avoid undefined behaviour in ktime_add_safe()
I ran into this: ================================================================================ UBSAN: Undefined behaviour in kernel/time/hrtimer.c:310:16 signed integer overflow: 9223372036854775807 + 50000 cannot be represented in type 'long long int' CPU: 2 PID: 4798 Comm: trinity-c2 Not tainted 4.8.0-rc1+ #91 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 0000000000000000 ffff88010ce6fb88 ffffffff82344740 0000000041b58ab3 ffffffff84f97a20 ffffffff82344694 ffff88010ce6fbb0 ffff88010ce6fb60 000000000000c350 ffff88010ce6f968 dffffc0000000000 ffffffff857bc320 Call Trace: [<ffffffff82344740>] dump_stack+0xac/0xfc [<ffffffff82344694>] ? _atomic_dec_and_lock+0xc4/0xc4 [<ffffffff8242df78>] ubsan_epilogue+0xd/0x8a [<ffffffff8242e6b4>] handle_overflow+0x202/0x23d [<ffffffff8242e4b2>] ? val_to_string.constprop.6+0x11e/0x11e [<ffffffff8236df71>] ? timerqueue_add+0x151/0x410 [<ffffffff81485c48>] ? hrtimer_start_range_ns+0x3b8/0x1380 [<ffffffff81795631>] ? memset+0x31/0x40 [<ffffffff8242e6fd>] __ubsan_handle_add_overflow+0xe/0x10 [<ffffffff81488ac9>] hrtimer_nanosleep+0x5d9/0x790 [<ffffffff814884f0>] ? hrtimer_init_sleeper+0x80/0x80 [<ffffffff813a9ffb>] ? __might_sleep+0x5b/0x260 [<ffffffff8148be10>] common_nsleep+0x20/0x30 [<ffffffff814906c7>] SyS_clock_nanosleep+0x197/0x210 [<ffffffff81490530>] ? SyS_clock_getres+0x150/0x150 [<ffffffff823c7113>] ? __this_cpu_preempt_check+0x13/0x20 [<ffffffff8162ef60>] ? __context_tracking_exit.part.3+0x30/0x1b0 [<ffffffff81490530>] ? SyS_clock_getres+0x150/0x150 [<ffffffff81007bd3>] do_syscall_64+0x1b3/0x4b0 [<ffffffff845f85aa>] entry_SYSCALL64_slow_path+0x25/0x25 ================================================================================ Add a new ktime_add_unsafe() helper which doesn't check for overflow, but doesn't throw a UBSAN warning when it does overflow either. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Prarit Bhargava <prarit@redhat.com> Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: John Stultz <john.stultz@linaro.org>
This commit is contained in:
parent
469e857f37
commit
979515c564
@ -63,6 +63,13 @@ static inline ktime_t ktime_set(const s64 secs, const unsigned long nsecs)
|
||||
#define ktime_add(lhs, rhs) \
|
||||
({ (ktime_t){ .tv64 = (lhs).tv64 + (rhs).tv64 }; })
|
||||
|
||||
/*
|
||||
* Same as ktime_add(), but avoids undefined behaviour on overflow; however,
|
||||
* this means that you must check the result for overflow yourself.
|
||||
*/
|
||||
#define ktime_add_unsafe(lhs, rhs) \
|
||||
({ (ktime_t){ .tv64 = (u64) (lhs).tv64 + (rhs).tv64 }; })
|
||||
|
||||
/*
|
||||
* Add a ktime_t variable and a scalar nanosecond value.
|
||||
* res = kt + nsval:
|
||||
|
@ -307,7 +307,7 @@ EXPORT_SYMBOL_GPL(__ktime_divns);
|
||||
*/
|
||||
ktime_t ktime_add_safe(const ktime_t lhs, const ktime_t rhs)
|
||||
{
|
||||
ktime_t res = ktime_add(lhs, rhs);
|
||||
ktime_t res = ktime_add_unsafe(lhs, rhs);
|
||||
|
||||
/*
|
||||
* We use KTIME_SEC_MAX here, the maximum timeout which we can
|
||||
|
Loading…
Reference in New Issue
Block a user